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DETAILED ACTION 

1 . This Office Action vacates the Office Action mailed on 1 0-27-201 0. 

2. Claims 1 - 4, 6 - 16, 18 - 26, 28 - 34 are pending. Claims 1, 13, 23 have been 
amended, Claims 5, 17, 27 have been cancelled. Claims 1, 13, 23 are independent. 
This application was filed 12-23-2003. 

Response to Arguments 

3. Applicant's arguments have been fully considered but they were not persuasive. 

3.1 The 1 1 2 Rejection directed towards the claim limitation: "transmitting a redirect 
message to said browser, thereby redirecting said request to the second server" is 
withdrawn due to Applicant's Remarks concerning the redirection of a redirected 
message. . 

A 1 12 Rejection has been entered based on claim limitation of transmitting a 
redirect message to said browser or a client device. The specification discloses 
redirecting a message between a first server and a second server. Applicant has 
stressed in remarks that the redirect request and session token information (session ID 
and time parameter) must be directed to different destinations (Remarks Page 14). The 
specification discloses that the redirect message in addition to the session ID and time 
parameter combination are redirected to a second server without going through any 
intermediate destination(s). 
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3.2 Applicant argues, obvious rejection. (Remarks Pages 11-12) 

The Examiner has based the 103 rejection on a teaching, suggestion or motivation 
to select and combine features from the cited references. 

A 103 rejection based on multiple references is a legitimate technique according to 
the MPEP. The current application is rejected based on Williams, Woods and LEVY. 
The set of references are in a same field of endeavor as the claimed invention, 
concerning the processing of content certification. The 103 rejection allows portions of 
a claimed invention to come from different prior art references. 

The rejection to each independent and dependent claim includes a citation from 
the referenced prior art that discloses the basis for the rejection. Each obviousness 
combination clearly indicates the claim limitation the combined reference prior art 
teaches. In addition, a cited passage from the referenced prior art clearly indicates the 
motivation for the obviousness combination. Each obviousness combination's 
disclosure is equivalent to the Applicant's claimed limitation(s) for the claimed invention. 

All references (Williams, Wood, and LEVY) disclose the transfer of session 
information such as identifiers, time/date information such as timestamps, and session 
state information between network-connected systems (servers, clients). 

3.3 Applicant argues that the referenced prior art does not disclose, the transfer of the 
session ID and time parameter. (Remarks Page 13) 

The referenced prior art discloses the transmission of a session ID and a time 
parameter between two network-connected servers. Applicant has indicated that the 
rational for the transfer of the session ID and time parameter is to assist the second 
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server receiving the redirected message in the processing of session management 
information. It is not a requirement that the referenced prior art solve the same 
problem as the claimed invention in order to be combinable. 

Despite this fact, the prior art references (Williams, Wood and LEVY) still disclose 
the transfer of a session ID and time parameter combination between two network- 
connected systems. Williams discloses the redirection or transfer of a session request, 
(see Williams paragraph [0067], lines 12-18: redirection of session information) And, 
Woods discloses the direct transmission of a session token within a redirected request, 
(see Wood paragraph [0044], lines 8-14; paragraph [0051], lines 1-3: session token with 
redirection request) And, LEVY discloses the transfer of session information such as a 
session ID and a time/date parameter (timestamp) between server systems. (LEVY 
paragraph [0070], lines 3-9: record is created; record consists of sessionjd, date and 
time (timestamp)) 

3.4 Applicant argues that the referenced prior art does not disclose, transmitting a 
redirect message to a browser, thereby redirecting said request to the second server. 
(Remarks Page 13) 

The specification discloses the redirection of a request message from a first server 
to a second server, (see specification paragraph [0033]) There is no disclosure to 
redirect a request message from a first server to a browser (a client system) and then 
the client system redirecting the request message to a second server (or through an 
intermediate destination) 
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Woods specifically discloses a redirect response message transmitted in response 
to a redirect request, (refer to Section 3.3) The redirect request and the initial request 
are not transmitted to the same destination. The specification does not disclose the 
transmission of a redirect request message to a browser (client system) but that a 
request message is received and that the particular request message is redirected to 
another server. The specification discloses redirecting a request from a first server to 
another or a second server. 

Woods discloses the direct transfer of session state parameters such as in LEVY 
that discloses session ID parameter and time/date parameter transferred between 
network-connected systems, (see Wood paragraph [0050], lines 15-17: session 
parameters can be passed directly between systems) Williams and Woods disclose 
the direct transfer of session parameters. 

LEVY discloses the transfer of both a session ID parameter and a time and date or 
timestamp parameter between network-connected systems. (LEVY paragraph [0070], 
lines 3-9: record is created; record consists of session_id, date and time (timestamp)) 

3.5 Applicant argues, that the redirect request of Williams does not include a session 
token. (Remarks Page 13) 

Williams is used to disclose redirecting a request between network-connected 
systems. Woods is used to disclose the redirection of a session token between 
network-connected systems in a direct transmission. Applicant is reminded that a 1 03 
rejection based on multiple references is a legitimate technique according to the MPEP. 
Williams and Woods combination discloses the indicated claim limitation(s). 
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3.6 Applicant argues that the referenced prior art does not disclose, that the redirect 
response and session token are transmitted to the same destination. (Remarks Page 
14) 

The redirect message (redirected request message) is transmitted from a first 
server to a second server. Based on the specification and original claims the session 
token information (session ID and time parameter) are transmitted to a second server, 
(see specification paragraph [0033]) Based on specification and original claims the 
redirected request message and the session ID and time parameter combination are 
transmitted to a second server (same destination). Applicant argues that the redirect 
message is transmitted to a browser (client system) which is a different destination. 
There is no disclosure for this claim limitation. (Refer to 1 1 2 Rejections) 

3.7 Applicant argues that the referenced prior art does not disclose, that the redirect 
request of Woods is a new session token. (Remarks Page 14) 

Woods discloses the transfer of a session token between network-connected 
systems. There is no disclosure within the claimed invention indicating whether a new 
session token as opposed to an existing session token is required. 

3.8 Applicant argues, Independent Claim 23. (Remarks Page 15); transmitting a 
redirect message to said browser, thereby redirecting said request to the second server 
and in conjunction with said transmitting, transmitting said session ID and said 
timestamp directly to second server. (Remarks Page 16) 
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The rejection for claim 1 (refer to section 3.2) in the current Office Action indicates 
the references used to reject these claim limitations. Independent claim 23 has similar 
limitations as independent claim 1 . Responses to arguments for independent claim 1 
answer arguments against independent claim 23. 

3.9 Applicant argues, Bachman reference for Claims 7 and 8; for Claims 19 and 20; 
and for Claims 29 and 30 (Remarks Pages 18-20) 

Bachman is not used to disclose the transfer of session information between 
network-connected systems but is used to disclose a time-out capability. Williams, 
Woods, and LEVY disclose the indicated claims limitations for independent claims. 
Refer to Section 3.2. 

Claim Rejections - 35 USC §112 

4. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

5. Claims 1, 13, 23 are rejected under 35 U.S.C. 112, first paragraph, as failing to 
comply with the written description requirement. The claim(s) contains subject matter 
which was not described in the specification in such a way as to reasonably convey to 
one skilled in the relevant art that the inventor(s), at the time the application was filed, 
had possession of the claimed invention. For Claims 1, 13, 23, there does not appear 
to be disclosure for the previously amended claim limitation: transmitting a redirect 



Application/Control Number: 10/733,326 Page 8 

Art Unit: 2436 

message to said browser, thereby redirecting said request to the second server, within 
the specification or original claims. The specification only discloses that a redirect 
message is transferred from a first server to a second server, (see Specification 
paragraph [0007]: redirecting the request to the second server) There is no disclosure 
that a request message is redirected to a browser (a client system) and then the client 
system redirects the request message to a second server. For further clarity, there is 
no disclosure of the redirection of a request message to a client system as an 
intermediate destination and then transmitting the request message to a second server. 

For Claim 13, there does not appear to be disclosure for the amended claim 
limitation: the redirect message prompting transmission of said request to said second 
server. There does not appear to be disclosure for a redirect message which is used 
to initiate or prompt the transmission of a request to a second server. 
Appropriate correction is required. 

Claim Rejections - 35 USC §103 

6. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 1 02 of this title, if the differences between the subject matter sought to be patented and the prior art 
are such that the subject matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

7. Claims 1 - 4, 6, 9 - 16, 18, 21 - 26, 28, 31 - 34 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Williams et al. (US PGPUB No. 20030005118) in 



Application/Control Number: 10/733,326 Page 9 

Art Unit: 2436 

view of Wood et al. (US PGPUB No. 20040210771) and further in view of LEVY et al. 
(US PGPUB No. 20020124074). 

With Regards to Claims 1, 23, Williams discloses a method, computer program 
product of secure session management for a web farm, the web farm including a first 
server and a second server, the second server having a requested web page, the 
method comprising: 

a) receiving, at the first server, a request for the requested web page from a 
browser, said request including an encrypted session token associated with a 
session; (see Williams paragraph [0016], lines 1-4: session management; 
paragraph [0019], lines 1-5: request processing; paragraph [0016], lines 1-4: 
session token; paragraph [0050], lines 10-16; paragraph [0051], lines 14-16: 
encryption utilized for security; paragraph [0016], lines 1-4: program product) 

Furthermore, Williams discloses the following: 

b) decrypting , at the first server, said encrypted session token at the first server to 
obtain session information; (see Williams paragraph [0020], lines 8-1 1 : validate 
(decryption required in order to process encrypted information) session 
information, process encrypted session information; paragraph [0016], lines 1-4: 
program product) 

c) : transmitting , at first server, a redirect message, said redirect message promoting 

transmission of said request to the second server, (see Williams paragraph 
[0067], lines 12-18: redirection of session information; implies a redirect message 
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is transmitted) 

e) receiving at the second server, said request: (see Williams paragraph [0067], 
lines 16-18: redirection of session information; implies the redirected request is 
received at the destination node (server)) 

Williams discloses for g): verifying said session, (see Williams paragraph [0020], 
lines 8-1 1 ; paragraph [0074], lines 7-1 1 : validate session token information, client 
and session identification information) 

Williams does not specifically disclose transmitting, at the first server, said session 
token to the second server and verifying said session under control of said second 
server. 

However, Wood discloses: 

d) in conjunction with said transmitting said redirect message , transmitting , at the 
first server, said session token to the second server; (see Wood paragraph 
[0044], lines 8-14; paragraph [0051], lines 1-3: session token with redirection 
request) 

g) verifying said session under control of said second server , (see Woods 
paragraph [0052], lines 13-17: receives request and determine appropriate 
authentication scheme to achieve a given trust level) 
It would have been obvious to one of ordinary skill in the art to modify Williams 
for transmitting, at the first server, said session token to the second server and 
verifying said session under control of said second server as taught by Wood. One 
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of ordinary skill in the art would have been motivated to employ the teachings of 
Wood to upgrade session credentials and maintain session continuity, (see Wood 
paragraph [0016], lines 11-16) 

Williams-Wood does not specifically disclose the transfer of a session ID parameter 
and time and date (timestamp) parameters between two network-connected systems 
(servers). 

However, LEVY discloses: for b): obtain a session ID and a timestamp and for c): 
wherein including transmitting said session ID and timestamp directly to the second 
server, (see LEVY paragraph [0070], lines 3-9: record is created; record consists of 
sessionjd, date and time (timestamp)) 

And, LEVY discloses for f): receiving, at the second server, said session ID and said 
timestamp from said first server: (see LEVY paragraph [0071], lines 2-4: record 
corresponding to sessionjd is retrieved; (implies record is received at the network 
node); paragraph [0070], lines 3-9: message sent to server; implies information 
received at server) 

The explicit transfer of a session ID and a timestamp (both parameters) between 
network-connected systems is disclosed. 

It would have been obvious to one of ordinary skill in the art to modify Williams- 
Wood for the transfer of a session ID parameter and time and date (timestamp) 
parameters as taught by LEVY. One of ordinary skill in the art would have been 
motivated to employ the teachings of LEVY to enable real-time monitoring of 
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systems to greatly assist in the management of sessions between network- 
connected systems, (see LEVY paragraph [0027], lines 1-5) 



With Regards to Claims 2, 24, Williams discloses the method, computer program 
product claimed in claims 1 , 23, further including creating a new session token, 
encrypting said new session token at the second server to produce a new encrypted 
session token, and transmitting a response to said browser from the second server, 
wherein said response includes said new encrypted session token, (see Williams 
paragraph [0016], lines 7-13; paragraph [0016], lines 4-7: generate new encrypted 
session token and transfer; paragraph [0016], lines 1-4: software implementation, 
program product) 



With Regards to Claims 3, 5, 15, 25, Williams discloses the method, system, computer 
program product claimed in claims 2, 13, 14, 23, 24, wherein said creating a new 
session token includes generating a new session ID and updating said timestamp. (see 
Williams paragraph [0062], lines 9-16; paragraph [0050], lines 1-5: session token, 
session ID and timestamp; paragraph [0016], lines 1-4: software implementation, 
program product) 

LEVY specifically discloses a session ID and a timestamp as disclosed in claim 1 
above. 



With Regards to Claims 4, 16, 26, Williams discloses the method, system, computer 
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program product claimed in claims 2, 14, 24, further including a step of updating a 
common session database by replacing said session information with said new session 
token in said common session database, (see Williams paragraph [0069], lines 9-15: 
database for session token information storage paragraph [0016], lines 1-4: software 
implementation, program product) 

Williams does not disclose the transfer of a session ID parameter and a time and date 
(timestamp) parameter between two network connected systems. 
However, LEVY discloses transmitting said session ID and timestamp directly to the 
second server. (LEVY paragraph [0070], lines 3-9: record is created; record consists of 
sessionjd, date and time (timestamp)) 

The explicit transfer of a session ID and a timestamp (both parameters) between 
network-connected systems is disclosed. 

It would have been obvious to one of ordinary skill in the art to modify Williams for 
the transfer of a session ID parameter and time and date (timestamp) parameter as 
taught by LEVY. One of ordinary skill in the art would have been motivated to employ 
the teachings of LEVY to enable real-time monitoring of systems to greatly assist in the 
management of sessions between network-connected systems, (see LEVY paragraph 
[0027], lines 1-5) 



With Regards to Claims 6, 18, 28, Williams discloses the method, system, computer 
program product claimed in claims 1,17, 23, wherein a common session database 
contains a stored session ID and a stored timestamp, and wherein said verifying 
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includes comparing said session ID and said timestamp with said stored session ID and 
said stored timestamp. (see Williams paragraph [0069], lines 9-15: database for session 
token information storage; paragraph [0062], lines 9-16; paragraph [0050], lines 1-5: 
session token, session ID and timestamp; paragraph [0020], lines 8-1 1 : verification 
session information paragraph [0016], lines 1-4: software implementation, program 
product) 

With Regards to Claims 9, 21, 31, Williams discloses the method, system, computer 
program product claimed in claims 1,13, 23, wherein said step of transmitting includes 
incorporating said session information into a URL. (see Williams paragraph [0044], lines 
8-12: URL processing techniques utilized paragraph [0016], lines 1-4: software 
implementation, program product) 

Williams-Wood does not specifically disclose incorporating a session ID parameter and 
a time and data (timestamp) parameter into a record. 

However, LEVY discloses incorporating said session ID and timestamp into a record. 
(LEVY paragraph [0070], lines 3-9: record is created; re cord consists of sessionjd, 
date and time (timestamp)) 

The explicit transfer of a session ID and a timestamp (both parameters) between 
network-connected systems is disclosed. 

It would have been obvious to one of ordinary skill in the art to modify Williams for 
incorporating said a session ID parameter and a time and date (timestamp) parameter 
into a record as taught by LEVY. One of ordinary skill in the art would have been 
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motivated to employ the teachings of LEVY to enable real-time monitoring of systems to 
greatly assist in the management of sessions between network-connected systems, 
(see LEVY paragraph [0027], lines 1-5) 

With Regards to Claims 10, 32, Williams discloses the method, computer program 
product claimed in claims 1 , 23, wherein a session management web service performs 
said step of verifying, said session management web service being accessible to said 
first server and said second server, and wherein said verifying includes comparing said 
session information with stored session data, (see Williams paragraph [0020], lines 8- 
1 1 : session information verification paragraph [0016], lines 1-4: software 
implementation, program product) 

Williams does not specifically disclose transferring said session ID and time and date 
(timestamp) between systems. 

However, LEVY discloses transferring said session ID and timestamp between systems. 
(LEVY paragraph [0070], lines 3-9: record is created; record consists of session_id, 
date and time (timestamp)) 

The explicit transfer of a session ID and a timestamp (both parameters) between 
network-connected systems is disclosed. 

It would have been obvious to one of ordinary skill in the art to modify Williams for 
the transfer of session ID and time and date (timestamp) between systems as taught by 
LEVY. One of ordinary skill in the art would have been motivated to employ the 
teachings of LEVY to enable real-time monitoring of systems to greatly assist in the 
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management of sessions between network-connected systems, (see LEVY paragraph 
[0027], lines 1-5) 

With Regards to Claims 11, 33, Williams discloses the method, computer program 
product claimed in claims 10, 32, wherein the web farm further includes a common 
session database containing said stored session data, (see Williams paragraph [0013], 
lines 5-9; paragraph [0036], lines 3-4: web farms, set of interconnected web servers 
paragraph [0016], lines 1-4: software implementation, program product) 

With Regards to Claims 12, 22, 34, Williams discloses the method, system, computer 
program product claimed in claims 1,13, 23, wherein said requested web page includes 
a web resource selected from the group including an applet, an HTML page, a Java 
server page, and an Active server page, (see Williams paragraph [0044], lines 3-8; 
paragraph [0042], lines 8-15: protected resource, a HTML web page paragraph [0016], 
lines 1-4: software implementation, program product) 

With Regards to Claim 13, Williams discloses a system for secure session 
management, the system being coupled to a network and receiving a request for a 
requested web page from a browser via the network, the request including an encrypted 
session token, the system comprising: 

a) a first server including a first request handler for receiving the request and 
decrypting the encrypted session token to produce session information, (see 
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Williams paragraph [0013], lines 5-9; paragraph [0050], lines 10-16: multiple 
servers, encrypted; paragraph [0020], lines 8-1 1 : validate (i.e. must decrypt in 
order to process) session information) 
Furthermore, Williams discloses the following: 

b) a second server including the requested web page; (see Williams paragraph 
[0013], lines 5-9: multiple servers; paragraph [0044], lines 3-8; paragraph [0042], 
lines 8-15: resource requested, a HTML web page) 

c) a common session database including stored session data; (see Williams 
paragraph [0069], lines 9-15: database for session token information storage) 

d) a session management web service, accessible to said first server and said 
second server and including a validation component for comparing said session 
token with said stored session data; (see Williams paragraph [0020], lines 8-1 1 : 
session verification information) 

Williams discloses for e): wherein said first request handler adapted to transmit a 
redirect message, the redirect message prompting transmission of said request to 
said second server, (see Williams paragraph [0067], lines 12-18: redirection 
capabilities) 

Williams does not specifically disclose the transfer of session state information 
between two servers. 
However, Wood discloses: 

e) transmit the session information to said second server, (see Wood paragraph 
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[0044], lines 8-14; paragraph [0051], lines 1-3: session token with redirection 
request; paragraph [0050], lines 15-17: direct transfer of parameters between two 
systems) 

It would have been obvious to one of ordinary skill in the art to modify Williams 
for the transfer of session state information between two servers as taught by Wood. 
One of ordinary skill in the art would have been motivated to employ the teachings of 
Wood in order to enable the capability to upgrade session credentials and maintain 
session continuity, (see Wood paragraph [001 6], lines 11-16) 

Williams does not specifically disclose transmitting said session ID and timestamp 
between systems. 

However, LEVY discloses transmitting said session ID and timestamp between 
systems. (LEVY paragraph [0070], lines 3-9: record is created; re cord consists of 
session_id, date and time (timestamp)) 

The explicit transfer of a session ID and a timestamp (both parameters) between 
network-connected systems is disclosed. 

It would have been obvious to one of ordinary skill in the art to modify Williams 
for transmitting said session ID and timestamp between systems as taught by LEVY. 
One of ordinary skill in the art would have been motivated to employ the teachings of 
LEVY to enable real-time monitoring of systems to greatly assist in the management 
of sessions between network-connected systems, (see LEVY paragraph [0027], 
lines 1-5) 



Application/Control Number: 10/733,326 Page 19 

Art Unit: 2436 

With Regards to Claim 14, Williams discloses the system claimed in claim 13, wherein 
said session management web service includes a token generator for creating a new 
session token for said second server, and wherein said second server includes a 
second request handler, said second request handler encrypting said new session 
token to produce a new encrypted session token and transmitting a response to said 
browser, wherein said response includes said new encrypted session token, (see 
Williams paragraph [0016], lines 7-10; paragraph [0016], lines 4-7: new session token 
generated and transferred; paragraph [0050], lines 10-16; paragraph [0051], lines 14- 
16: encrypted session token information) 

8. Claims 7, 8, 19, 20, 29, 30 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Williams in view of Wood and further in view of LEVY and 
Bachman et al. (US Patent No. 5,907,621). 

With Regards to Claims 7, 19, 29, Williams discloses the method, system, computer 
program product claimed in claims 1,14, 23. (see Williams paragraph [0050], lines 1-5 : 
time parameter usage and processing; paragraph [0016], lines 1-4: software 
implementation, program product) 

Williams does not specifically disclose a time out processing capability. 
However, Bachman discloses wherein including determining whether a session has 
timed out, said step of determining including determining an elapsed time between said 
timestamp and a current server time, and comparing said elapsed time with a 
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predetermined maximum time to determine whether said session has timed out. (see 
Bachman col. 1, lines 65-67: session management; col. 4, lines 11-17; col. 6, lines 10- 
19: process time out condition) 

It would have been obvious to one of ordinary skill in the art to modify Williams to 
process a time out condition as taught by Bachman. One of ordinary skill in the art 
would have been motivated to employ the teachings of Bachman to create a secure 
communications session between server and client systems and avoid distracting the 
client with the placement of token information within the page, (see Bachman col. 1 , 
lines 65-67; col. 2, lines 15-17) 

With Regards to Claims 8, 20, 30, Williams discloses the method, system, computer 
program product claimed in claims 7, 19, 29. (see Williams paragraph [0050], lines 1-5: 
time parameter usage and processing; paragraph [0016], lines 1-4: software 
implementation, program product) 

Williams does not specifically disclose a time out processing capability. 
However Bachman discloses wherein includes closing said session if said session has 
timed out. (see Bachman col. 1, lines 65-67: session management; col. 4, lines 11-17; 
col. 6, lines 10-19: process time out condition, session erased, closed) 

It would have been obvious to one of ordinary skill in the art to modify Williams to 
process a time out condition as taught by Bachman. One of ordinary skill in the art 
would have been motivated to employ the teachings of Bachman to create a secure 
communications session between server and client systems and avoid distracting the 



Application/Control Number: 10/733,326 Page 21 

Art Unit: 2436 

client with the placement of token information within the page, (see Bachman col. 1 , 
lines 65-67; col. 2, lines 15-17) 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Carlton V. Johnson whose telephone number is 571- 
270-1032. The examiner can normally be reached on Monday thru Friday , 8:00 - 
5:00PM EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on 571-272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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